Second, the gateway (default router) on network B needs to be modified to redirect traffic destined for host hentschel via eth0 on host zm.home. We don't redirect all internet traffic via the tunnel, just what is destined for the hentschel host. On the Asus router, that looks like this:

Under LAN->Route

the above seems flakey, sometimes the back route is incomplete. Ensuring that this works requires a route entry for each server on the home network (ugh), in the form of:

route add -net 10.0.0.0/24 gw 192.168.1.100

To actually create the tunnel, here is what needs to happen:

on zm.home

start ssh with -w0:0 (creates tun0 interfaces on both ends), both sides need to be logged in as root

At this point, a request for any host on network B that originates on host hentschel will be answered. At the same time, traffic for hentschel from network B will be directed there via zm.home. Note that the web server on hentschel does not answer since it's interface is only set to the public interface.